Manualshelf

Users Guide

ManualsBrandsDell ManualsActive System ManagerChassis Management Controller Version 3.20 For Dell PowerEdge VRTX
141142143144145146147148149150
To disable the certicate validation during an handshake (optional):
racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 0
NOTE: In this case, you do not have to upload a CA certicate.
To enforce the certicate validation during SSL handshake (optional):
racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 1
In this case, you must upload a CA certicate:
racadm sslcertupload -t 0x2 -f < ADS root CA certificate >
NOTE: If certicate validation is enabled, specify the Domain Controller Server addresses and the FQDN. Make sure that DNS is
congured correctly under.
Using the following RACADM command may be optional:
racadm sslcertdownload -t 0x1 -f < RAC SSL certificate >
Conguring Generic LDAP Users
CMC provides a generic solution to support Lightweight Directory Access Protocol (LDAP)-based authentication. This feature does not
require any schema extension on your directory services.
A CMC administrator can now integrate the LDAP server user logins with CMC. This integration requires conguration on both LDAP
server and CMC. On the LDAP server, a standard group object is used as a role group. A user who has CMC access becomes a member of
the role group. Privileges are still stored on CMC for authorization similar to the working of the Standard Schema setup with Active
Directory support.
To enable the LDAP user to access a specic CMC card, the role group name and its domain name must be congured on the specic
CMC card. You can congure a maximum of ve role groups in each CMC. A user has the option to be added to multiple groups within the
directory service. If a user is a member of multiple groups, then the user obtains the privileges of all their groups.
For information about the privileges level of the role groups and the default role group settings, see Types of Users.
Conguring the Generic LDAP Directory to Access CMC
The CMC's Generic LDAP implementation uses two phases in granting access to a user—user authentication, and then the user
authorization.
Authentication of LDAP Users
Some directory servers require a bind before a specic LDAP server can be searched for.
To authenticate a user:
1 Optionally bind to the Directory Service. The default is an anonymous bind.
NOTE
: The Windows-based directory servers do not allow anonymous login. Hence, enter the bind DN name and password.
2 Search for the user on the basis of the user login. The default attribute is uid. If more than one object is found, then the process
returns an error.
3 Unbind and perform a bind with the user's DN and password. If the system is unable to bind, then the login will not be successful.
4 If these steps succeed, the user is authenticated.
146
Conguring User Accounts and Privileges